From owner-freebsd-isp@FreeBSD.ORG  Mon Jul 25 20:31:18 2005
Return-Path: <owner-freebsd-isp@FreeBSD.ORG>
X-Original-To: freebsd-isp@freebsd.org
Delivered-To: freebsd-isp@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 1088D16A4D8
	for <freebsd-isp@freebsd.org>; Mon, 25 Jul 2005 20:31:17 +0000 (GMT)
	(envelope-from gbaratto@superb.net)
Received: from master4.yvr1.superb.net (master4.yvr1.superb.net [209.82.78.20])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 81FB143D45
	for <freebsd-isp@freebsd.org>; Mon, 25 Jul 2005 20:31:16 +0000 (GMT)
	(envelope-from gbaratto@superb.net)
Received: from guinness (fw.yvr1.superb.net [209.82.78.2])
	by master4.yvr1.superb.net (8.12.9/8.12.9) with SMTP id j6PKV60d016723; 
	Mon, 25 Jul 2005 13:31:06 -0700 (PDT)
Message-ID: <01b001c59157$806bae10$7201a8c0@guinness>
From: "Gustavo A. Baratto" <gbaratto@superb.net>
To: "Thomas Krause" <freebsd-isp@chef-ingenieur.de>, <freebsd-isp@freebsd.org>
References: <42E54654.1090705@chef-ingenieur.de>
Date: Mon, 25 Jul 2005 13:29:00 -0700
MIME-Version: 1.0
Content-Type: text/plain; format=flowed; charset="iso-8859-15";
	reply-type=response
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2180
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
Cc: 
Subject: Re: preventing a user to start a process
X-BeenThere: freebsd-isp@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Internet Services Providers <freebsd-isp.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-isp>,
	<mailto:freebsd-isp-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-isp>
List-Post: <mailto:freebsd-isp@freebsd.org>
List-Help: <mailto:freebsd-isp-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-isp>,
	<mailto:freebsd-isp-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 25 Jul 2005 20:31:19 -0000

Use php safe_mode. This will prevent the execution of external commands from 
php. Depending on you what you mean by "usable", this may be a problem.

Or make sure php doesnt allow uploads to /tmp or /var/tmp (disable FTP in 
PHP). This will prevent the ircs or any other scripts to be uploaded in the 
first place.


----- Original Message ----- 
From: "Thomas Krause" <freebsd-isp@chef-ingenieur.de>
To: <freebsd-isp@freebsd.org>
Sent: Monday, July 25, 2005 1:06 PM
Subject: preventing a user to start a process


> Hello,
> is it possible to bar a user (www) from starting a process?
> I've a irc daemon running under the uid www. I think
> this was done by php. What would be the best way to prevent
> this (php should be remain usable)? I've installed ipfw rules,
> but this doesn't prevent the starting of the process.
>
> Kind regards,
> Thomas.
> _______________________________________________
> freebsd-isp@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-isp
> To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"
>